2464. [port] linux: check that a capability is present before

trying to set it. [RT #18135]

CHANGES

@@ -1,3 +1,6 @@
+2464.	[port]		linux: check that a capability is present before
+			trying to set it. [RT #18135]
+
 2463.   [port]          linux: POSIX doesn't include the IPv6 Advanced Socket
 			API and glibc hides parts of the IPv6 Advanced Socket
 			API as a result.  This is stupid as it breaks how the

bin/named/unix/os.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: os.c,v 1.84 2008/05/06 01:30:26 each Exp $ */
+/* $Id: os.c,v 1.85 2008/10/15 05:00:57 marka Exp $ */
 
 /*! \file */
 
@@ -194,16 +194,20 @@ linux_setcaps(cap_t caps) {
 #define SET_CAP(flag) \
 	do { \
 		capval = (flag); \
-		err = cap_set_flag(caps, CAP_EFFECTIVE, 1, &capval, CAP_SET); \
-		if (err == -1) { \
-			isc__strerror(errno, strbuf, sizeof(strbuf)); \
-			ns_main_earlyfatal("cap_set_proc failed: %s", strbuf); \
-		} \
-		\
-		err = cap_set_flag(caps, CAP_PERMITTED, 1, &capval, CAP_SET); \
-		if (err == -1) { \
-			isc__strerror(errno, strbuf, sizeof(strbuf)); \
-			ns_main_earlyfatal("cap_set_proc failed: %s", strbuf); \
+		cap_flag_value_t curval; \
+		err = cap_get_flag(cap_get_proc(), capval, CAP_PERMITTED, &curval); \
+		if (err != -1 && curval) { \
+			err = cap_set_flag(caps, CAP_EFFECTIVE, 1, &capval, CAP_SET); \
+			if (err == -1) { \
+				isc__strerror(errno, strbuf, sizeof(strbuf)); \
+				ns_main_earlyfatal("cap_set_proc failed: %s", strbuf); \
+			} \
+			\
+			err = cap_set_flag(caps, CAP_PERMITTED, 1, &capval, CAP_SET); \
+			if (err == -1) { \
+				isc__strerror(errno, strbuf, sizeof(strbuf)); \
+				ns_main_earlyfatal("cap_set_proc failed: %s", strbuf); \
+			} \
 		} \
 	} while (0)
 #define INIT_CAP \